Day two didn’t change my opinion from day one, but it does introduce a few new nuances. If you consider “my” information to be content (text, video, images, likes) that I’ve personally submitted to Facebook … sure I have some control over ‘my’ data. Not the granular level of control I would prefer, not always readily usable control, and like all things on the Internet (including user data downloaded by a third party), I don’t have control over what people who have access to my data can subsequently do with it. But Facebook has a whole other realm of my data — metadata from images or videos, geo-location information (maybe IP-based with low accuracy, maybe GPS with high accuracy), how long I spent looking at what content, what time of day I log on … and that’s just information gathered directly from my usage of the web site.
Block third party cookies in your web browser (seriously, do it) and see how often adobetm.com, disqus.com, doubleclick.net, facebook.com, google.com, twitter.com, and youtube.com show up in the blocked cookie list.
Particular interesting tidbit from the House proceedings was the “Facebook Pixel” – so named because of the single transparent pixel served from a Facebook site if the actual script-based tracking is blocked by the browser. It’s a little code snippet with a function that allows the site owner to track specific actions within the site (i.e. there’s a difference between “someone who visited my site two months ago and has not been back”, “someone who visits my site every other day”, and “someone who spent 100 bucks at my site”) using the standard events (currently nine) and a custom catch-all event. Advertisers then have target audiences created for their custom site data — this means the advertiser cannot see that I visited their site twice a week or spent over ten bucks in the past quarter but they can elect to spend money on ads delivered to people who have visited their site twice in the past week or not deliver ads to people who purchased merchandise in the last month.
Looking through the developer documentation, that is a LOT of really personal information about me that I am not consenting to provide Facebook (in fact, they’re getting that information for people who aren’t even account holders – just their “match pixel to user” algorithm falls out and creates some phantom profile to track the individual instead of landing on a known user’s account). And it’s a lot of really personal information over which I have no control. There’s a difference between opting out of interest based advertising and opting out of tracking. And how exactly can I go about
In the particular case of the Facebook pixel, the script function is housed on a Facebook server. You can pretty easily prevent this bit of tracking. Add a line in your hosts file (/etc/hosts, c:\windows\system32\drivers\etc\hosts) to map the hosting server to your loopback address:
127.0.0.1 connect.facebook.net
Voila, fbq is no longer a valid function. I haven’t noticed any adverse impact to actual Facebook use (although I assume were a significant number of people to block their script host … they’d move it over to a URI that impacted site usage).
Facebook’s debugging tool, meant for advertisers and their developers, confirms the code failed to execute. Browser specific if the <noscript> content is loaded or not – it’s not in my case.
The same approach can be used to block a number of tracking services – script content served from dedicated servers don’t impact general web usability.
127.0.0.1 connect.facebook.net 127.0.0.1 www.google-analytics.com 127.0.0.1 disqus.com 127.0.0.1 cse.google.com 127.0.0.1 bat.bing.com 127.0.0.1 www.googleadservices.com 127.0.0.1 sjs.bizographics.com 127.0.0.1 www.googletagmanager.com 127.0.0.1 chimpstatic.com 127.0.0.1 cdnjs.cloudflare.com 127.0.0.1 api.cartstack.com 127.0.0.1 js-agent.newrelic.com 127.0.0.1 se.monetate.net 127.0.0.1 assets.adobetm.com 127.0.0.1 tribl.io